UbuntuUSN-2321-1OpenStack Neutron vulnerabilities
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
81.6%
Releases
- Ubuntu 14.04 ESM
Packages
- neutron - OpenStack Virtual Network Service
Details
Liping Mao discovered that OpenStack Neutron did not properly handle
requests for a large number of allowed address pairs. A remote
authenticated attacker could exploit this to cause a denial of service.
(CVE-2014-3555)
Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain
tokens. An attacker could possibly use this issue to obtain authentication
tokens used in REST requests. (CVE-2014-4615)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | neutron-common | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-dhcp-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-l3-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-lbaas-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-metadata-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-metering-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-plugin-bigswitch | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-plugin-bigswitch-agent | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-plugin-brocade | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | neutron-plugin-cisco | < 1:2014.1.2-0ubuntu1.1 | UNKNOWN |
Related
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
81.6%